This was not because our Bitcoin
was stolen from a honeypot, rather the
graduate student who created the wallet
maintained a copy and his account was
compromised. If security experts can’t
safely keep cryptocurrencies on an Inter-net-connected computer, nobody can. If
Bitcoin is the “Internet of money,” what
does it say that it cannot be safely stored
on an Internet connected computer?
Bugs can also naturally cause significant damage to cryptocurrency
holdings. Although this potentially can
affect any cryptocurrency, the biggest
danger for bugs arises when cryptocurrencies are combined with “smart contracts”—programs that are generally
immutable once deployed and that automatically execute upon the transfer
of currency. The most successful platform for these is Ethereum, a cryptocurrency that allows writing programs
in a language called Solidity.
Bugs in these smart contracts can
be catastrophic. The first big smart
contract, the DAO or Decentralized Autonomous Organization, sought to create a democratic mutual fund where
investors could invest their Ethereum
and then vote on possible investments.
Approximately 10% of all Ethereum
ended up in the DAO before someone
discovered a reentrancy bug that enabled the attacker to effectively steal all
the Ethereum. The only reason this bug
and theft did not result in global losses
is that Ethereum developers released a
new version of the system that effectively undid the theft by altering the supposedly immutable blockchain.
Since then there have been other
catastrophic bugs in these smart con-
tracts, the biggest one in the Parity
Ethereum wallet software (see https://
bit.ly/2Fm7je4). The first bug enabled
the mass theft from “multisignature”
wallets, which supposedly required
multiple independent cryptographic
signatures on transfers as a way to pre-
vent theft. Fortunately, that bug caused
limited damage because a good thief
stole most of the money and then re-
turned it to the victims. Yet, the good
news was limited as a subsequent bug
rendered all of the new multisignature
wallets permanently inaccessible, ef-
fectively destroying some $150M in no-
tional value. This buggy code was large-
ly written by Gavin Wood, the creator
of the Solidity programming language
and one of the founders of Ethereum.
Again, we have a situation where even
an expert’s efforts fell short.
Individual Economic Risks
Everything about the cryptocurrency
space is full of bubbles. Since all volatile
cryptocurrencies are actually substantially inferior for legal purposes, this implies that the actual value as currency is
effectively $0, so the only store of value
is in other utility for a distributed trustless public append-only ledger.
Yet the Bitcoin blockchain, due to
consolidation of mining into a few mining pools, does not actually distribute
trust. Instead the system is effectively
controlled by less than 10 entities self-selected by their willingness to consume
power and anyone using Bitcoin implicitly trusts a majority of these few entities.
Every proof of work blockchain seems to
experience similar consolidation as the
more efficient miners inevitably drive out
less efficient ones. Given the almost trivial
cost of building a three-transactions-per-second distributed system with identified
and trusted entities using cryptographic
signatures instead of proof of work this
suggests the utility value for these cryptocurrencies is also effectively $0. This
means everyone participating in the
cryptocurrency market is basing the value only on the price that somebody else
will pay—no different from tulip bulbs or
beanie babies—and are all vulnerable to
substantial and sudden collapse.
But further magnifying the prob-
lem is a large number of scams. There
is a current trend in “Initial Coin Of-
ferings,” mostly consisting of crypto-
graphic tokens implemented on top
of an existing cryptocurrencies such as
Bitcoin or Ethereum. Although claim-
ing to be crowd-sold tokens for pur-
chase of future services, the tradeable
nature of these tokens has resulted in
their acting as unregistered securities
in a bubble market. There are also or-
ganized groups conducting pump-and-
dump schemes, complete with fancy
websites, animated advertisements,
and even placing paper advertisements
in BART commuter trains in San Fran-
cisco, CA. This market developed large-
ly in absence of regulation, although
regulators like the U.S. Securities and
Exchange Commission are finally start-
ing to pay attention.
Likewise, not only is a bubble often
a natural Ponzi scheme, there are many
explicit or likely Ponzi schemes. In the
early days of Bitcoin approximately 10%
of all Bitcoin were invested in Bitcoin
Savings and Trust, a Ponzi scheme run
by a pseudonymous individual known
to the community only as PirateAt40.
The editor of Bitcoin Magazine at the
time so much believed it was not a Ponzi
scheme that he made side bets that it
was not, using Bitcoin that he did not
have, just before the scheme collapsed.
Even explicitly advertised Ponzi
schemes see significant activity, such
as the “Proof of Weak Hands’, a Ponzi
scheme implemented as an Ethereum
smart contract. More than $1 million in notional value flowed into the
scheme in the space of a few hours before the flow stabilized. Two days later,
one bug froze the scheme (making
withdraws impossible) before a second
bug enabled a thief to take all the value.
Systemic Risks
The entire cryptocurrency environ-
ment also faces systemic risks includ-
ing worms, exchanges, central authori-
ties, and government intervention.
Peer-to-peer systems, and especially
those written in unsafe languages such
as C and C++, are particularly vulner-
able to worms. A worm that can exploit
a P2P node and then spread to all con-
nected nodes takes approximately the
same time to spread worldwide as a
broadcast message in the same net-
work. For cryptocurrencies that mini-
mize the time required to send trans-
actions, this would enable a worm to
spread globally in a matter of seconds.
The ease of theft and the common
practice of speculators using multiple
cryptocurrencies create an incentive
for thieves to deploy worms, because a
worm could spread through one cryp-
tocurrency’s network and then steal all
other cryptocurrencies accessible on
The entire
cryptocurrency
environment also
faces systemic risks.